Articles by David M. Stauss

Amendments proposed to Virginia Consumer Data Protection Act

Virginia lawmakers will consider multiple amendments to the Virginia Consumer Data Protection Act in advance of its January 1, 2023 effective date.

David M. Stauss

January 25, 2022

Virginia lawmakers will consider multiple amendments to the Virginia Consumer Data Protection Act in advance of its January 1, 2023 effective date.

European Commission adopts new standard contractual clauses

Keypoint: Companies using the previous standard contractual clauses will have eighteen months to transition to the new documents.

David M. Stauss

June 21, 2021

Earlier this month, the European Commission announced that it has adopted “two sets of standard contractual clauses, one for use between controllers and processors and one for the transfer of personal data to third countries.” The new SCCs take into account new requirements under the General Data Protection Regulation as well as the Court of Justice’s Schrems II opinion.

CPRA update: Board appointments announced for California Privacy Protection Agency

Keypoint: The appointment of the five California Privacy Protection Agency board members is the first significant step to the California Privacy Rights Act becoming fully operative in 2023.

David M. Stauss

March 24, 2021

On March 17, California officials announced the establishment of the five-member inaugural board for the California Privacy Protection Agency (CPPA). The CPPA was established by the California Privacy Rights Act (CPRA), which California voters approved in the November election. The CPPA will take over rulemaking duties from the California Attorney General’s office and will administratively enforce the CPRA. Given that California has the world’s fifth largest economy, the CPPA has the potential to be one of the most important data privacy authorities in the world.

CCPA update: New regulations approved

Keypoint: Modifications to the CCPA regulation’s provisions regarding requests to opt-out and authorized agent requests are now final.

David M. Stauss

March 23, 2021

On March 15, 2021, the California Attorney General’s office announced that the Office of Administrative Law has approved the Attorney General’s proposed changes to the CCPA regulations. The new regulations make three general changes relating to the right to opt out of sales and one change to authorized agent requests. In addition, the Attorney General’s press release reaffirms that enforcement activities are proceeding.

Analyzing the draft standard contractual clauses

Once finalized, US entities can use the new Standard Contractual Clauses to legally transfer data out of the EEA when combined with appropriate supplementary measures.

David M. Stauss

December 1, 2020

As discussed in our prior post, on November 12, 2020, the European Commission published a draft implementing decision on standard contractual clauses (SCCs) for the transfer of personal data to third countries and draft standard contractual clauses. Once finalized, the SCCs will replace the existing SCCs for data transfers out of the EEA.

Combating Complacency: Getting the Most Out of Your Data Breach Response Plan

Analyzing the EDPB’s draft recommendations on supplementary measures

In the wake of Schrems II, the EDPB’s much-anticipated recommendations provide extensive guidance on supplementary measures parties can use to legally transfer data out of the EEA in the absence of an adequacy decision.

David M. Stauss

November 20, 2020

In a flurry of activity last week, the European Data Protection Board (EDPB) and the European Commission made major announcements affecting cross-border data transfers out of the EEA. First, the EDPB announced the adoption of draft recommendations on measures that supplement cross-border data transfer tools as well as recommendations on the European Essential Guarantees for surveillance measures. The below post will examine the EDPB’s draft recommendations on supplementary measures. The draft new standard contractual clauses will be discussed in a separate post.

What U.S. companies should know about LGPD – Brazil’s new General Data Protection Law

LGPD is a complicated regulatory regime that will required U.S. entities subject to its requirements to undertake substantial compliance efforts.

David M. Stauss

September 23, 2020

As documented in Dirceu Santa Rosa’s article for the IAPP’s Privacy Tracker, efforts to delay the effective date of Brazil’s General Data Protection Law – Lei Geral de Proteção de Dados or LGPD – recently failed, and the law is expected to go into force in the coming days. Brazil’s federal government also published a decree approving the regulatory structure of the Autoridade Nacional de Proteção de Dados, i.e., Brazil’s national data protection authority.

Switzerland’s DPA concludes that Swiss-US Privacy Shield does not provide adequate level of protection

David M. Stauss

September 18, 2020

The fallout from the Schrems II judgment continued with an announcement from Switzerland’s Federal Data Protection and Information Commissioner (FDPIC) that the Swiss-US Privacy Shield regime “does not provide an adequate level of protection for data transfer from Switzerland to the US pursuant to [Switzerland’s] Federal Act on Data Protection (FADP).”

European Commission and EDPB provide update on efforts to address cross-border transfers after Schrems II

Keypoint: Representatives of the European Commission and EDPB advised that further guidance on cross-borders data transfers are forthcoming.

David M. Stauss

September 11, 2020

Last week, Didier Reynders, European Commissioner for Justice, and Dr. Andrea Jelinek, Chair of the European Data Protection Board (EDPB), appeared at a hearing conducted by the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs, and updated committee members on their work since the Schrems II decision. In his remarks, Mr. Reynders identified three main areas on which the Commission is focusing.

CCPA update: Analyzing the changes to the final CCPA Regulations

David M. Stauss

Malia Rogers

August 18, 2020

On Friday, August 14, 2020, the California Office of Administrative Law (OAL) approved the California Office of the Attorney General’s (OAG) final CCPA regulations and filed them with the California Secretary of State (SOS). The regulations were immediately effective. Notably, the final text of the regulations submitted to the SOS was modified from the one filed with the OAL. The OAG published an Addendum to the Final Statement of Reasons setting forth the changes. Many of the changes are stylistic and grammatical. However, some of the changes are substantive and will impact compliance efforts. The most notable changes are discussed below.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.

Articles by David M. Stauss

Amendments proposed to Virginia Consumer Data Protection Act

European Commission adopts new standard contractual clauses

CPRA update: Board appointments announced for California Privacy Protection Agency

CCPA update: New regulations approved

Analyzing the draft standard contractual clauses

Analyzing the EDPB’s draft recommendations on supplementary measures

What U.S. companies should know about LGPD – Brazil’s new General Data Protection Law

Switzerland’s DPA concludes that Swiss-US Privacy Shield does not provide adequate level of protection

European Commission and EDPB provide update on efforts to address cross-border transfers after Schrems II

CCPA update: Analyzing the changes to the final CCPA Regulations

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.